hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kan Zhang (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-7091) reloginFromKeytab() should happen even if TGT can't be found
Date Fri, 07 Jan 2011 19:45:45 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-7091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12978932#action_12978932

Kan Zhang commented on HADOOP-7091:

Todd, thanks for the review. Can't write unit tests for it, but we have verified the patch
on clusters at Yahoo.

> reloginFromKeytab() should happen even if TGT can't be found
> ------------------------------------------------------------
>                 Key: HADOOP-7091
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7091
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c7091-01.patch
> HADOOP-6965 introduced a getTGT() method and prevents reloginFromKeytab() from happening
when TGT is not found. This results in the RPC layer not being able to refresh TGT after TGT
expires. The reason is RPC layer only does relogin when the expired TGT is used and an exception
is thrown. However, when that happens, the expired TGT will be removed from Subject. Therefore,
getTGT() will return null and relogin will not be performed. We observed, for example, JT
will not be able to re-connect to NN after TGT expires.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message